On 9/22/2017 9:24 AM, Warren Kumari wrote: > If Doh! is done right in my view it should be indistinguishable from > other web traffic and / or the collateral damage from blocking it > would be (hopefully!) politically untenable. DoH! That is indeed the main reason for doing DNS over HTTPS. The "javascript" use case is interesting, but not all that strong. We keep hearing about Java Script in web pages, but that's somewhat marginal. Flash scripts can certainly send UDP packets, so if there was use case it would not take long before Java scripts could send DNS queries over UDP. -- Christian Huitema